Commit Graph

740 Commits

Author SHA1 Message Date
Werner Koch e100ace7f8
dirmngr: Improve domaininfo cache update algorithm.
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.

--

The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries.  Thus the first domains entered into the
cache were never purged.  The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache.  If there is
still space to keep more, those which clearly do not support WKD are
also kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:22:32 +02:00
Werner Koch 21b6740974
dirmngr: Better for error code for http status 413.
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-29 14:20:47 +01:00
NIIBE Yutaka 8d1b598213 libdns: Don't use _[A-Z] which are reserved names.
* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".

--

GnuPG-bug-id: 4420
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-25 19:39:44 +09:00
Werner Koch bdda31a26b
kbx: Unify the fingerprint search modes.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove.  Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--

These search modes were added over time and there has until recently
be no incentive to remove the cruft.  With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 14:55:06 +01:00
Werner Koch 9f37e93dd7
dirmngr: Avoid testing for Tor with --gpgconf-list.
* dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
(dirmngr_sighup_action): Call it here.
(main): Call it here unless in --gpgconf-list mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-11 18:15:05 +01:00
Werner Koch 134c3c1652
dirmngr: Add CSRF protection exception for protonmail.
* dirmngr/http.c (same_host_p): Add exception table.
--

Please: Adding entries to this table shall be an exception and not the
rule.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-07 11:34:19 +01:00
NIIBE Yutaka 371ae25f8f libdns: Avoid using compound literals (8).
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.

--

Even before our change, dns_quietinit was questionable macro;  There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 12:26:02 +09:00
NIIBE Yutaka d661acd483 libdns: Avoid using compound literals (7).
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.

--

In fact, DNS_OPTS_INIT was only needed when args are none.  With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 12:13:35 +09:00
NIIBE Yutaka 6501e59d36 libdns: Avoid using compound literals (6).
* dirmngr/dns.h (dns_rr_i_new): Remove.
(dns_rr_i_init): Remove unused second argument.
* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
(parse_packet): Use automatic variable for struct dns_rr_i.
(dns_d_cname): No need to call dns_rr_i_init after memset 0.
(dns_rr_i_init): Remove unused second argument.  Return nothing.
* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
(getsrv_libdns): Follow the change of dns_rr_i_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 11:55:32 +09:00
NIIBE Yutaka a1ccfe2b37 libdns: Avoid using compound literals (5).
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

--

Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i.  Note that in C99, it guarantees
non-specified member fields are initialized by zero.  So, there's no
need to use dns_rr_i_new at all.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 11:53:41 +09:00
NIIBE Yutaka 7313a112f9 libdns: Avoid using compound literals (4).
* dirmngr/dns.h (dns_d_new*): Remove.
* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
variable.
(parse_domain): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 10:58:16 +09:00
NIIBE Yutaka 72efb78402 libdns: Avoid using compound literals (3).
* dirmngr/dns.h (dns_p_new): Remove.
* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
variable.
(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
(send_query, show_hints, echo_port): Likewise.

--

Implicit automatic allocation by compound literals is confusing
for C90 code.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 10:34:03 +09:00
NIIBE Yutaka 455ef62d29 libdns: Avoid using compound literals (2).
* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
(dns_strclass1, dns_strclass3): Remove.
(dns_strtype1, dns_strtype3): Remove.
(dns_strsection, dns_strclass, dns_strtype): Directly use the
function.
* dirmngr/dns.c (dns_strsection): Use automatic variable.
(dns_strclass, dns_strtype): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 10:12:24 +09:00
NIIBE Yutaka 1c40549938 libdns: Avoid using compound literals.
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

--

Compound literals is a feature of C99.  Because we only use C90 plus
some limited features, in the project, it's better to avoid it.

Besides, we make sure when it's read-only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-26 09:42:54 +09:00
NIIBE Yutaka 1f8817475f dirmngr: Fix initialization of assuan's nPth hook.
* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
(thread_init): ... here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-25 10:15:39 +09:00
Werner Koch 40c307fa8d
Silence a few compiler warnings new with gcc 8.
* dirmngr/dns.c: Include gpgrt.h.  Silence -Warray-bounds also gcc.
* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
gcc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 18:46:26 +01:00
Werner Koch 05ef628278
dirmngr: Retry another server from the pool on 502, 503, 504.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status froms end_request and pass on to
handle_send_request_error.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

GnuPG-bug-id: 4175
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 13:39:41 +01:00
Werner Koch dc61f4ecea
dirmngr: New function http_status2string.
* dirmngr/http.c (http_status2string): New.
--

Right now only the standard 5xx codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 13:24:31 +01:00
Werner Koch fa1b1eaa42
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-22 22:36:07 +01:00
Werner Koch 914fa3be22
dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-13 11:35:39 +01:00
Andre Heinecke 678e4706ee
dirmngr: Add FLUSHCRLs command
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.

--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.

GnuPG-Bug-Id: T3967

Differential Revision: https://dev.gnupg.org/D469

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f)
2018-11-12 13:54:26 +01:00
Werner Koch 6b9f772914
common: Prepare for parsing mail sub-addresses.
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement.  Change all callers to pass false for it.

* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--

Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it.  After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.

To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command

   t-mbox-util --verbose --filter

can be used; to output w/o sub-addresses add --no-sub.

GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-12 07:44:33 +01:00
Werner Koch a3a5a24519
dirmngr: Fix LDAP port parsing.
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--

Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-05 09:00:02 +01:00
Daniel Kahn Gillmor b39ece7d35 headers: fix spelling
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-25 16:53:05 -04:00
Werner Koch 2b57a8159c
dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--

GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-25 17:34:24 +02:00
Daniel Kahn Gillmor 54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch 256a280c51
dirmngr: Prepare for updated WKD specs with ?l= param
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--

We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter.  The general idea is that service
providers may use their own canonicalization rules.  The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we.  So consider this to be an experiment.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22 20:13:08 +02:00
Werner Koch 0a7f446c18
dirmngr: In verbose mode print the OCSP responder id.
* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22 14:23:11 +02:00
NIIBE Yutaka 69bab1cba0 Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
This reverts commit 04b56eff11.

--

Now the access to hosttable is serialized correctly.
2018-09-11 14:04:37 +09:00
NIIBE Yutaka 995aded587 dirmngr: Serialize access to hosttable.
* dirmngr/dirmngr.h (ks_hkp_init): New.
* dirmngr/dirmngr.c (main): Call ks_hkp_init.
* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
(ks_hkp_mark_host): Serialize access to hosttable.
(ks_hkp_print_hosttable, make_host_part): Likewise.
(ks_hkp_housekeeping, ks_hkp_reload): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-11 14:02:53 +09:00
Werner Koch bee65edfbc
dirmngr: Emit SOURCE status also on NO_DATA.
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--

If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-07 11:48:18 +02:00
Daniel Kahn Gillmor 04b56eff11 dirmngr: hkp: Avoid potential race condition when some hosts die.
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.

--

Multiple threads may write to hosttable[x]->dead while
select_random_host() is running.  For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.

If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.

This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.

As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.

However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block.  Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.

GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-09-07 14:28:11 +09:00
Werner Koch ebe727ef59
dirmngr: Validate SRV records in WKD queries.
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--

I am not sure wether this really is very useful because the security
relies on a trustworthy DNS system anyway.  However, that check is
easy enough to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-27 12:24:23 +02:00
Werner Koch bd4048c533
dirmngr: Print a WARNING status for DNS config problems.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
(t_common_src): Add t-support.c.
* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
* dirmngr/dns-stuff.c: Include dirmngr-status.h.
(libdns_init): Print WARNING status line.  Change call callers to take
and pass a CTRL argument.
* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
status.
--

To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run
gpg --recv-key -v SOMETHING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
NIIBE Yutaka 1aacd12471 libdns: For SOCKS connection, just fails.
* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.

--

In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.

Fixes-commit: bcdbf8b8eb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-02 10:37:49 +09:00
NIIBE Yutaka 861f1da073 libdns: Let kernel to decide the local port.
* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.

--

There is no good reason to bind local port aggressively.  It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.

At least, it causes a problem on Windows.  Binding a specified port in
user space can trigger the Firewall dialog on Windows.  Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.

GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-20 08:59:05 +09:00
NIIBE Yutaka a4a054bf14 libdns: Fix for non-FQDN hostname.
* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
hostname.

--

GnuPG-bug-id: T3803
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-18 10:13:35 +09:00
NIIBE Yutaka bcdbf8b8eb libdns: Fix connect and try next nameserver when ECONNREFUSED.
* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again.  Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.

--

GnuPG-bug-id: T3374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-15 12:58:29 +09:00
NIIBE Yutaka 1c0b6681e4 libdns: Clear struct sockaddr_storage by zero.
* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.

--

POSIX requires clear the structure of struct sockaddr_in6.  On macOS,
in some case like bind, it is better to clear even for struct
sockaddr_in.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-15 10:38:22 +09:00
NIIBE Yutaka 3e6ad302ea libdns: Sync to upstream.
* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.

--

Reverting local change, merge upstream's debug-tracing branch.
(commit 21281fc1b63bb74d51762b8e363c49b1a258783d)

Fixes-commit: d4c0187dd9
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-14 13:10:57 +09:00
NIIBE Yutaka 5b40338f12 dirmngr: Fix recursive resolver mode.
* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.

--

To reproduce an error, run:

    ./t-dns-stuff --debug --recursive-resolver www.gnupg.org

Then, it returns "No name" error.  That's because there was only setup
for root servers, and no setup for recursive query in fact.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-14 13:01:45 +09:00
Werner Koch 7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch 007dde93cc
dirmngr: Implement timeout for dirmngr_ldap under Windows.
* dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
(set_timeout): Implement for W32.
--

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 18:40:01 +02:00
Werner Koch a598bbeeaf
dirmngr: Sleep in the ldap wrapper thread.
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex.  Use
a condition var to wake up the reaper thread.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-30 08:46:03 +02:00
Werner Koch f9fbfc64e4
dirmngr: Use the LDAP wrapper process also for Windows.
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--

Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows.  Our long term use of the old Window CE wrapper
thing didn't fixed this either.  The new code uses the portable
es_poll function and thus code which is tested at several other
places.  It Should(tm) fix the Windows issues.

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-27 12:05:31 +02:00
Werner Koch d22506a343
dirmngr: Silence log output from dirmngr_ldap.
* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--

verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap.  Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-27 11:57:08 +02:00
Werner Koch 5789afc840
dirmngr: Lower the dead host resurrection time to 1.5h
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-26 12:42:55 +02:00
Werner Koch cc66108253
dirmngr: Fix handling of CNAMEed keyserver pools.
* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--

For a description of the problem see the comment in
make_keyserver_item.

GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-26 12:28:53 +02:00
Werner Koch bb8894760f
dirmngr: Add the used TLS library to the debug output.
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 15:25:26 +02:00
Werner Koch 1de4462974
dirmngr: Allow redirection from https to http for CRLs
* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg.  Allow redirectiong
from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch 705d8e9cf0
dirmngr: Implement CRL fetching via https.
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org give a https CRL DP but that currently
redirects to to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-25 12:38:04 +02:00
Werner Koch 460e3812be
dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checkibng.  Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-24 11:40:51 +02:00
Andre Heinecke 64c1fddb25
dirmngr: More binary I/O on Windows for CRLs
* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.

--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.

This bug has been around since 2004.

GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-04-20 15:58:42 +02:00
Werner Koch bbb5bfacc0
agent,dirmngr: Add "getenv" to the getinfo command.
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:25:58 +02:00
Werner Koch f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Michał Górny ecfc4db3a2
dirmngr: Handle failures related to missing IPv6 gracefully
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.

--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.

GnuPG-bug-id: 3331

--

The above description seems to be for Linux, so it is possible that
other systems might behave different.  However, it is worth to try
this patch.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 20:46:51 +01:00
Werner Koch 20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Werner Koch f8e868d9df
dirmngr: Improve assuan error comment for cmd keyserver.
* dirmngr/server.c: Add error comment in case --resolve fails in
ensure_keyserver.
--

GnuPG-bug-id: 3756
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-27 19:46:19 +01:00
Werner Koch c817e75028
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:42:59 +01:00
Werner Koch c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch 20b52be9ca
dirmngr: Check for WKD support at session end
* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d4e2302d8f)
2017-12-11 11:31:15 +01:00
Werner Koch f2997adee0
dirmngr: Add a background task framework.
* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96a4fbecd1)
2017-12-11 11:30:45 +01:00
Werner Koch 7a663c296e
dirmngr: Limit the number of cached domains for WKD.
* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26f08343fb)
2017-12-11 11:29:51 +01:00
Werner Koch 6c1dcd79cf
dirmngr: Keep track of domains used for WKD queries
* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 65038e6852)
2017-12-11 11:27:22 +01:00
Werner Koch 34defc9bce
Adjust for changed macro names in libgpg-error master.
* common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
libgpg-error versions.

--

Updates-commit: b56dfdfc18
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-11 10:42:23 +01:00
Werner Koch b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch 668f6c3de6
Merge branch 'STABLE-BRANCH-2-2' into master 2017-11-20 14:54:54 +01:00
Werner Koch 2aa106d6a4
dirmngr: Fix double free of a hash context in the error case.
* dirmngr/crlcache.c: Clearly document that this fucntions takes
ownership of MD.
(abort_sig_check): Allow NULL for MD.
(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
before a calling abort_sig_check.
--

GnuPG-bug-id: 3510
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-17 10:38:46 +01:00
Werner Koch 0cfdd3b57d
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Fixes-commit: 149041b0b9
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-15 15:31:52 +01:00
Werner Koch d4e2302d8f
dirmngr: Check for WKD support at session end
* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-14 16:24:12 +01:00
Werner Koch 96a4fbecd1
dirmngr: Add a background task framework.
* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-14 13:42:18 +01:00
Werner Koch 26f08343fb
dirmngr: Limit the number of cached domains for WKD.
* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-14 09:04:52 +01:00
Werner Koch 65038e6852
dirmngr: Keep track of domains used for WKD queries
* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-13 16:09:32 +01:00
Werner Koch 30f21f8b0f
dirmngr: Reduce default LDAP timeout to 15 seconds.
* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ab7ac82704)
GnuPG-bug-id: 3487
2017-11-07 10:05:18 +01:00
Werner Koch ab7ac82704
dirmngr: Reduce default LDAP timeout to 15 seconds.
* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-07 10:02:53 +01:00
Damien Goutte-Gattat 1ba308aa03
dirmngr: Do not follow https-to-http redirects.
* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--

GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-10-19 15:32:38 +02:00
Werner Koch df692a6167
dirmngr: Use system certs if --hkp-cacert is not used.
* dirmngr/certcache.c (any_cert_of_class): New var.
(put_cert): Set it.
(cert_cache_deinit): Clear it.
(cert_cache_any_in_class): New func.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
override empty list of HKP certs.
--

This patch carries the changes for GNUTLS from commit
7c1613d415 over to NTBTLS.  NTBTLS works
quite different and thus we need to do it this way.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-18 22:49:05 +02:00
Werner Koch 482fd5758c
dirmngr,w32: Fix http connection timeout problem.
* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
--

GnuPG-bug-id: 3319
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-31 13:12:37 +02:00
Werner Koch c5e5748480
dirmngr: Do not use a blocking connect in Tor mode.
* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
(send_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 13:48:27 +02:00
Werner Koch fd68bdb61e
dirmngr: Auto-enable Tor on startup or reload.
* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
--

GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 10:58:15 +02:00
Werner Koch d50c2eff8d
agent,dirmngr: Check for homedir removal also using stat(2).
* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main):  Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availibility of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--

The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-26 10:27:36 +02:00
Werner Koch 0ef50340ef
w32: Also change the directory on daemon startup.
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Note that only dirmngr did not call the chdir with --no-detach.  thus
we kept it this way.

Tested gpg-agent by checking the properties shown by procexp.

Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 13:04:18 +02:00
Werner Koch 226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch f2d2648a4d
Revert "w32: Change directory on daemon startup."
--
This reverts commit 78ebc62604.
Gnupg-bug-id: 2670
2017-07-25 12:19:08 +02:00
NIIBE Yutaka d40b4a41a8 dirmngr: Add annotation for fallthrough.
* dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-25 11:49:23 +09:00
Werner Koch e975482239
dirmngr: Print a SOURCE status for WKD requests.
* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
--

This status allows to see whether the the WKD requests has been
resolved from the standard address or from a SRV record derived one.
We return only host and port and not the .well-known suffix because
that is obvious.  HTTP redirects are not taken in account because they
may chnage at any time due to load balancing etc and not relevant for
gpg which may use the URL to detect changes in the WKD results.

For example my current setup returns

    S SOURCE https://wkd.gnupg.org

for wk@gnupg.org.  Without a SRV record

    S SOURCE https://gnupg.org

would have been returned.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 20:09:52 +02:00
Werner Koch 9b88cfa096
dirmngr: New function dirmngr_status_printf.
* dirmngr/server.c (dirmngr_status_printf): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 20:09:52 +02:00
Marcus Brinkmann 78ebc62604 w32: Change directory on daemon startup.
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
2017-07-24 16:31:55 +02:00
NIIBE Yutaka ade4b2744c dirmngr: More minor fix.
* dirmngr/http.c (send_request): Care the case of !USE_TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 16:09:11 +09:00
NIIBE Yutaka 789401e955 dirmngr: More minor fixes.
* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
* dirmngr/ldap.c (parse_one_pattern): Add comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:35:34 +09:00
NIIBE Yutaka 274602820c dirmngr: Minor fix for Windows.
* dirmngr/http.c (connect_with_timeout): Use FD2INT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-24 15:30:56 +09:00
NIIBE Yutaka cc12cf386b dnsmngr: Fix use of CPP.
* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
(DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
to be expanded for expression evaluation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 13:19:18 +09:00
Justus Winter e7fc6e3bf0
dirmngr: Forbid redirects from .onion to clearnet URIs.
* dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
to clearnet URIs.
* dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
--
This protects users from misconfigured .onion services.

GnuPG-bug-id: 3087
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 17:02:25 +02:00
Justus Winter da91d2106a
dirmngr: Implement TLS over http proxies.
* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.

GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:30 +02:00
Justus Winter e7eabe66b6
dirmngr: Log http response in debug mode.
* dirmngr/http.c (parse_response): Log http response in debug mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:28 +02:00
Justus Winter 1ba220e681
dirmngr: Amend TLS handling.
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:27 +02:00
Justus Winter 46a4a0c0e7
dirmngr: Fix connecting to http proxies.
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 12:14:25 +02:00
Justus Winter 73d4781e45
dirmngr: Fix handling of proxy URIs.
* dirmngr/http.c (send_request): We do not support socks4.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19 11:18:39 +02:00
NIIBE Yutaka fa63db89f9 Fix usage of ARGPARSE_OPTS.
* agent/gpg-agent.c, agent/preset-passphrase.c,
dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
tools/symcryptrun.c: Use ARGPARSE_end.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-19 13:41:18 +09:00
Justus Winter b231959728
dirmngr: Honor http keyserver URLs.
* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
URLs.
--

If a key has a http or https URL as preferred keyserver, fetch the key
from there.  Previously, dirmngr unconditionally interpreted these
URLs as hkp servers.

GnuPG-bug-id: 2924
Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:56:33 +02:00
Justus Winter ebb35ed711
dirmngr: Fix memory leak.
* dirmngr/http.c (parse_uri): Properly free partial results.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:24 +02:00
Justus Winter 3d670fa973
dirmngr: Fix memory leak.
* dirmngr/http.c (http_release_parsed_uri): Free 'params'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18 13:49:22 +02:00
Werner Koch 957f8ebc89
dirmngr: Fix license note in server.c
--

This double license note was accidentally added while only wanting to
add another copyright line.

Fixes-commit: 3419a339d9
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-12 12:37:16 +02:00
Werner Koch 815ecdf08a
build: Add missing LIBASSUAN_CFLAGS to dirmngr/.
* dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--

GnuPG-bug-id: 2424
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 12:01:20 +02:00
Justus Winter 48aae8167d
dirmngr: Properly handle SRV records.
* dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
(struct hostinfo_s): New flags indicating whether we already did a
A lookup, or a SRV lookup per protocol.  Turn 'port' into an array.
(create_new_hostinfo): Initialize new fields.
(add_host): Update the port for the given protocol.
(map_host): Simplify hosttable lookup misses.  Check the SRV records
for both protocols on demand, do the A lookup just once.  Return the
correct port.
--

Previously, if a host had both a SRV record for hkp and hkps, the
wrong port was used for the protocol that was used second, because the
hostinfo did not store a port per protocol, and the hosttable does not
discriminate between hosts using the protocol.

Fix this by querying the SRV records on demand, storing a port per
protocol, and returning the right port.

GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-20 16:38:54 +02:00
Justus Winter fc4834d213
dirmngr: Refactor variable-sized array code.
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
size fields.
(MAX_POOL_SIZE): New macro.
(create_new_hostinfo): Initialize new fields.
(host_in_pool_p): Adapt.
(select_random_host): Likewise.
(add_host): Likewise.  Move the resizing logic here.
(hostinfo_sort_pool): New function.
(map_host): Simplify.  Move the resizing logic away from here.
(ks_hkp_mark_host): Adapt.
(ks_hkp_print_hosttable): Likewise.
--

The current code assumes that the pool array is only filled when the
hostinfo object is created.  This patch removes that limitation.

GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-20 16:37:11 +02:00
Justus Winter 794261c4bd
dirmngr: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-20 13:34:12 +02:00
Werner Koch 3419a339d9
Change license of some files to LGPLv2.1.
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:42:13 +02:00
Justus Winter 15d2a00993
dirmngr: Implement querying nameservers over IPv6.
* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
mismatch.
(enum dns_res_state): New states for querying over IPv6.
(dns_res_exec): Implement the new states by copying and modifying the
IPv4 variants.  Branch to their respective counterparts if the current
list of resolvers using the current address family is exhausted.
--

This allows dirmngr to resolve names on systems where the nameservers
are only reachable via IPv6.

GnuPG-bug-id: 2990
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 11:33:06 +02:00
Werner Koch 9b43220b8a
dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New.  Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--

The standard connect timeouts are way to long so we add a timeout to
the connect calls.  Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Werner Koch 5b9025cfa1
dirmngr: Allow a timeout for HTTP and other TCP connects.
* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--

Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics.  The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.

The code has not been tested on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Werner Koch de3a0988ef
dirmngr: This towel should better detect a changed resolv.conf.
* dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
issue.
--

Fixes-commit: b5f356e9fb
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-25 20:26:54 +02:00
Werner Koch b5f356e9fb
dirmngr: Re-init libdns resolver on towel change of resolv.conf
* dirmngr/dns-stuff.c: Include sys/stat.h.
(RESOLV_CONF_NAME): New macro to replace a string.
(resolv_conf_changed_p): New.
(libdns_init): Call new function
(libdns_res_open): Ditto.
--

Don't panic.  This is a simple change
Suggested-by: Stefan Bühler <stbuehler@web.de>
to avoid complicated if-up.d hooks to reload resolv.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-25 11:37:21 +02:00
Andre Heinecke abe3a9043f
dirmngr,w32: Fix ldap crl read on windows
Summary:
* dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
(buffer_get_data): Use seperate read pos.

--
Using a single buffer pos for reading and writing caused the read
to return 0 as it read from the end of the buffer. Now we use
a seperate reader position.

Differential: D427

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-05-15 12:49:39 +02:00
NIIBE Yutaka 0ce94a9698 g10, sm, dirmngr, common: Add comment for fall through.
* common/b64dec.c (b64dec_proc): Comment to clarify.
* dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
* dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
* g10/armor.c (unarmor_pump): Likewise.
* g10/gpg.c (main): Likewise.
* g10/import.c (read_block): Likewise.
* g10/keygen.c (make_backsig): Likewise.
* g10/pkclist.c (check_signatures_trust):  Likewise.
* sm/gpgsm.c (main): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 11:13:12 +09:00
NIIBE Yutaka 5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka 247932f367 dirmngr: Fix aliasing problem in dns.c.
* dirmngr/dns.c (dns_ai_setent): Care about aliasing.

--

Co-authored-by: Tomas Mraz
GnuPG-bug-id: 3105
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-25 21:00:41 +09:00
NIIBE Yutaka 4b2581dc0e dirmngr: Fix final close of LISTEN_FD.
* dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 09:04:11 +09:00
NIIBE Yutaka 0d0a7efa8f dirmngr: Fix API difference for Windows.
* dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
(http_wait_response): Use FD2INT to get unsigned integer fd.
(read_server, write_server): Likewise.
(simple_cookie_read, simple_cookie_write): Use assuan_fd_t.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-18 09:03:14 +09:00
NIIBE Yutaka adb77d095b dirmngr: More fix for test program.
* dirmngr/t-http.c (main): Care about no TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 09:18:41 +09:00
NIIBE Yutaka 4771bad610 dirmngr: More fix for Windows.
* dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
valid with HTTP_USE_NTBTLS.
(_my_socket_new): Simply cast to int since it's for debug.
(_my_socket_ref, _my_socket_unref): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-14 08:32:49 +09:00
NIIBE Yutaka 86dcb03134 dirmngr: Fix http.c for sockaddr_storage.
dirmngr/http.c (use_socks): Use sockaddr_storage.
(my_sock_new_for_addr, connect_server): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 14:46:57 +09:00
NIIBE Yutaka 892b33bb2c dirmngr: Fix alignment of ADDR.
* dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage
for size and alignment.
* dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change.
(resolve_dns_name): Use struct sockaddr_storage.
(resolve_addr_standard, resolve_dns_addr): Likewise.
(resolve_dns_addr): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 14:33:33 +09:00
NIIBE Yutaka 37018adce6 dirmngr: Fix thread key type.
* dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 13:06:38 +09:00
NIIBE Yutaka 5af104b541 dirmngr: More fix for Windows.
* dirmngr/dns.c (socket_fd_t, STDCALL): New.
(dns_te_initname): Use.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 09:52:19 +09:00
NIIBE Yutaka 6755b3b505 dirmngr: Fix type of sock.
* dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 20:50:50 +09:00
NIIBE Yutaka 7ae1857c90 dirmngr: Fix possible null reference.
* dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 15:58:11 +09:00
NIIBE Yutaka 60d9a9e6b4 dirmngr: Fix plus1_ns.
* dirmngr/dns.c (plus1_ns): Fix the initial implementation.

--

Fixes-commit: 64904ce627
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 11:44:10 +09:00
NIIBE Yutaka bd0c94939f dirmngr: Fix dns-stuff.c in another way.
* dirmngr/dns-stuff.c (T_CERT): Define our own.

--

T_CERT may be defined by another enum type even if the value is same.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 10:22:03 +09:00
NIIBE Yutaka 0b904ddea8 Revert "dirmngr: Fix dns-stuff.c."
This reverts commit 1538523156.
2017-04-12 10:00:37 +09:00
NIIBE Yutaka 1538523156 dirmngr: Fix dns-stuff.c.
* dirmngr/dns-stuff.c: Don't include arpa/nameser.h.

--

It is not needed at all.  T_CERT may be defined by different type of
ns_type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 09:48:27 +09:00
NIIBE Yutaka 64904ce627 dirmngr: Use a function to increment network short.
* dirmngr/dns.c (plus1_ns): New.
(dns_p_push): Use it.

--

On OpenBSD, htons and ntohs are expanded to GCC's statement
expressions where local variable is allowed.  Consecutive use
of htons and ntohs causes problem of variable name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 09:11:20 +09:00
NIIBE Yutaka 3133402241 dirmngr: Fix build for Windows.
* dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use
gpgrt_ssize_t.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-11 16:12:34 +09:00
Werner Koch 3533b85440
dirmngr: New option --disable-ipv6
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:56:12 +02:00
Werner Koch fce36d7ec8
dirmngr,w32: Silence the 'certificate already cached' message.
* dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:34:21 +02:00
Werner Koch cc32ddbcba
dirmngr: Handle EIO which is sometimes returned by cookie functions.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:23:18 +02:00
Werner Koch 35c843c815
dirmngr: Always print a warning for a missing /etc/hosts.
* dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
missing /etc/hosts.
--

My last comment on this was flawed.  Windows seems to always have its
version of /etc/hosts.  Only the en passant fixed bad escaping led me
assume that this was the case.  Thanks to Andre for complaining about
my comment remark.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:20:49 +02:00
Werner Koch 5d873f288e
dirmngr: Do not assume that /etc/hosts exists.
* dirmngr/dns-stuff.c (libdns_init): Do not bail out.
--

A standard Windows installation does not have a hosts file and thus we
can't bail out here.  We should also not bail out on a Unix system
because /etc/hosts is just one method in  nsswitch.conf.

Fixes-commit: 88f1505f06
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:06:57 +02:00
Justus Winter 483c1288a8
dirmngr: Fix error handling.
* dirmngr/dns-stuff.c (libdns_init): Convert error before printing it.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-21 14:22:13 +01:00
Justus Winter 88f1505f06
dirmngr: Load the hosts file into libdns.
* dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
libdns.
--

Previously, connecting to key servers specified in /etc/hosts was not
possible because libdns' hosts structure was initialized, but not
filled with the content of the hosts file.

GnuPG-bug-id: 2977
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-21 14:18:25 +01:00
Werner Koch 69c521df42
dirmngr: Ignore warning alerts in the GNUTLS handshake.
* dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
alerts.
--

GnuPG-bug-id: 2833
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-17 12:50:35 +01:00
NIIBE Yutaka 70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Werner Koch 8f0bf644bc
doc: Replace README.maint content.
--
2017-03-07 10:34:08 +01:00
Werner Koch 67c203b6bf
dirmngr: Fix commit de6d8313
* dirmngr/http-common.c (get_default_keyserver): Fix assert.
--

Fixes-commit: de6d8313f6
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-03 17:17:26 +01:00
Werner Koch 1890896fe6
dirmngr: Rearrange files to fix de6d831.
* dirmngr/http-common.c: New.
* dirmngr/http-common.h: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
(t_http_SOURCES): Add them.
(t_ldap_parse_uri_SOURCES): Add them.
* dirmngr/misc.c (get_default_keyserver): Move to ...
* dirmngr/http-common.c: here.
* dirmngr/http.c: Include http-common.h instead of misc.h.
* dirmngr/http-ntbtls.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 18:35:03 +01:00
Werner Koch de6d8313f6
dirmngr: Let --gpgconf-list return the default keyserver.
* dirmngr/misc.c (get_default_keyserver): New.
* dirmngr/http.c: Include misc.h
(http_session_new): Use get_default_keyserver instead of hardwired
"hkps.pool.sks-keyservers.net".
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 17:58:58 +01:00
Daniel Kahn Gillmor f5782e11a5 dirmngr: Avoid warnings during non-ntbtls build.
* dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not
using ntbtls.

--

Without this patch, when building without ntbtls, we see the following
warnings during "make check":

t-http.c: In function ‘my_http_tls_verify_cb’:
t-http.c:141:16: warning: implicit declaration of function
      ‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration]
        (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
                ^~~~~~~~~~~~~~~~~~~~~~~~~
t-http.c:141:14: warning: assignment makes pointer from integer
       without a cast  -Wint-conversion]
        (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
              ^
At top level:
t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not
      used [-Wunused-function]
 my_http_tls_verify_cb (void *opaque,
 ^~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-25 22:54:47 -08:00
Werner Koch 22b69b9edf
dirmngr: Add new debug flag "extprog"
* dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
* dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
(handle_connections): Use a macro instead of -1 for an invalid socket.
* dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 20:14:16 +01:00
Werner Koch a42bf00b4e
dirmngr,w32: Make https with ntbtls work.
* dirmngr/http.c (simple_cookie_functions): New.
(send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
(cookie_read): Factor some code out to ...
(read_server): new.
(simple_cookie_read, simple_cookie_write) [W32]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 10:30:58 +01:00
Daniel Kahn Gillmor ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan 24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Werner Koch 831d014550
dirmngr: Add special treatment for the standard hkps pool to ntbtls.
* dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
(VALIDATE_FLAG_EXTRATRUST): Remove
(VALIDATE_FLAG_TRUST_SYSTEM): New.
(VALIDATE_FLAG_TRUST_CONFIG): New.
(VALIDATE_FLAG_TRUST_HKP): New.
(VALIDATE_FLAG_TRUST_HKPSPOOL): New.
(VALIDATE_FLAG_MASK_TRUST): New.
* dirmngr/validate.c (check_header_constants): New.
(validate_cert_chain): Call new function.  Simplify call to
is_trusted_cert.
* dirmngr/crlcache.c (crl_parse_insert): Pass
VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
* dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
VALIDATE_FLAG_TRUST_CONFIG.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
context.  Set trustclass flags using the new VALIDATE_FLAG_TRUST
values.

* dirmngr/certcache.c (cert_cache_init): Load the standard pool
certificate prior to the --hkp-cacerts.
--

Note that this changes the way the standard cert is used: We require
that it is installed at /usr/share/gnupg and we do not allow to change
it.  If this is not desired, the the standard cert can be removed or
replaced by a newer one.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 14:55:04 +01:00
Werner Koch d1625a9a82
dirmngr: Load --hkp-cacert values into the certificate cache.
* dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
(parse_rereadable_options): Store filenames from --hkp-cacert in the
new var.
(main, dirmngr_sighup_action): Pass that var to cert_cache_init.
* dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
those certs.
(load_certs_from_file): Use autodetect so that PEM and DER encodings
are possible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 13:57:24 +01:00
Werner Koch 9741aa24d9
dirmngr: Load "sks-keyservers.netCA.pem" into the cache.
* dirmngr/certcache.c (load_certs_from_file): Always build this
function.  Add args 'trustclasses' and 'no_error'.  Pass TRUSTCLASSES
to put_cert.
(load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to
load_certs_from_file.
(cert_cache_init): Try to load "sks-keyservers.netCA.pem".  Don't make
function fail in an out-of-core condition.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 12:42:34 +01:00
Werner Koch 50b9828eac
dirmngr: Implement trust classes for the cert cache.
* dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New.
(CERTTRUST_CLASS_CONFIG): New.
(CERTTRUST_CLASS_HKP): New.
(CERTTRUST_CLASS_HKPSPOOL): New.
* dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ...
(MAX_NONPERM_CACHED_CERTS): this.
(total_extra_certificates): Rename to ...
(total_nonperm_certificates): this.
(total_config_certificates): Remove.
(total_trusted_certificates): Remove.
(total_system_trusted_certificates): Remove.
(cert_item_s): Remove field 'flags'.  Add fields 'permanent' and
'trustclasses'.
(clean_cache_slot): Clear new fields.
(put_cert): Change for new cert_item_t structure.
(load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass'
(load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert.
(load_certs_from_w32_store): Ditto.
(cert_cache_init): Ditto.
(cert_cache_print_stats): Rewrite.
(is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'.
Chnage the test.
* dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to
is_trusted_cert.
(validate_cert_chain): Pass CERTTRUST_CLASS_ values to
is_trusted_cert.
--

These trust classes make it easier to select certain sets of root
certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 12:23:20 +01:00
Werner Koch 493c142e58
dirmngr: New Assuan option "http-crl".
* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
* dirmngr/server.c (option_handler): New option "http-crl"
* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (main): New option --no-crl.
--

This new option can be used to enable CRL checks on a per session
base.  The default is not to use CRLs for https connections.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:37:07 +01:00
Werner Koch 39c7450381
dirmngr: Add a magic field to the http structs.
* dirmngr/http.c (HTTP_SESSION_MAGIC): New.
(http_session_s): New field 'magic'.
(HTTP_CONTEXT_MAGIC): New.
(http_context_s): New field 'magic'.
(my_ntbtls_verify_cb): Assert MAGIC.
(fp_onclose_notification): Ditto.
(session_unref): Ditto.  Reset MAGIC.
(http_session_new): Set MAGIC.
(http_open): Ditto.
(http_raw_connect): Ditto.
(http_close): Assert MAGIC.  Reset MAGIC.

* dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
--

We pass those handles through opaque pointers.  The magic numbers will
help to detect wrong use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-21 09:13:02 +01:00
Werner Koch a022baa4a4
dirmngr: Setup a log handler for ntbtls.
* dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New.
(main) [HTTP_USE_NTBTLS]: Register log handler.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 17:24:00 +01:00
Werner Koch e174893262
dirmngr.c: Make http.c build without any TLS support.
* dirmngr/http.c (http_session_new): Remove used of tls_prority.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 10:02:25 +01:00
Werner Koch 81ea24b863
dirmngr: Make t-http.c work again with gnutls - second try
* dirmngr/t-http.c: Always include ksba.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 09:53:31 +01:00
Werner Koch f923873863
dirmngr: Make t-http.c work again with gnutls.
* dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags
and libs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 09:48:37 +01:00
Werner Koch 64fffd0ce2
dirmngr: First take on ntbtls cert verification.
* dirmngr/http-ntbtls.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
(server_conrol_s): Add field 'magic',
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
(dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
* dirmngr/http.c (my_ntbtls_verify_cb): New.
(http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
(send_request) [HTTP_USE_NTBTLS]: Set the verify callback.  Do not call
the verify callback after the handshake.
* dirmngr/ks-engine-hkp.c (send_request): Pass
gnupg_http_tls_verify_cb to http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (my_http_tls_verify_cb): New.
(main): Rename option --gnutls-debug to --tls-debug.
(main) [HTTP_USE_NTBTLS]: Create a session.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-19 10:36:43 +01:00
Werner Koch a74902cccd
dirmngr: Add per-session verify callback to http.c
* dirmngr/http.h (http_verify_cb_t): New type.
* dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and
verify_cb_value.
(http_session_new): Remove arg tls_priority.  Add args verify_cb and
verify-cb_value.  Store them in the session object.
(send_request): Use per-session verify callback.
(http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return
GPG_ERR_NOT_IMPLEMENTED.
* dirmngr/ks-engine-hkp.c (send_request): Adjust for changed
http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): Ditto.

* dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-18 16:39:02 +01:00
Werner Koch cd32ebd152
dirmngr: Strip the default https port from the Host: header.
* dirmngr/http.c (send_request): Strip the default https port.

--

GnuPG-bug-id: 2965
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 21:59:45 +01:00
Werner Koch f07811ee2c
dirmngr: Add option --no-crl to the VALIDATE cmd.
* dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
(VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
(VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
(VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
(VALIDATE_FLAG_NOCRLCHECK): New constants.
* dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to
'flags'.  Change code accordingly.  Remove NO-CRL in TLS mode kludge.
* dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for
the validate_cert_chain call.
* dirmngr/server.c (cmd_validate): Ditto.  Add new option --no-crl.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 21:31:33 +01:00
Werner Koch 070211eb99
dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
* dirmngr/certcache.h (certlist_s, certlist_t): New.
* dirmngr/certcache.c (read_certlist_from_stream): New.
(release_certlist): New.
* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
(cmd_validate): Add options --tls and --systrust.  Implement them
using a kludge for now.
* dirmngr/validate.c (validate_cert_chain): Support systrust
checking.  Add kludge to disable the CRL checking for tls mode.
--

This can now be used to test a list of certificates as returned by
TLS.  Put the certs PEM encoded into a a file certlist.pem with the
target certificate being the first.  Then run

  gpg-connect-agent --dirmngr \
    '/definqfile CERTLIST wiki-gnupg-chain.pem' \
    'validate --systrust --tls' /bye

CRLS check has been disabled becuase we can't yet pass the systrust
flag to the CRL checking code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 16:41:02 +01:00
Werner Koch ed99af030d
dirmngr: Remove use of hardcoded numbers in validate.
* dirmngr/validate.c (enum cert_usage_modes): New.
(cert_usage_p): Change type of arg MODE.  Use enums instead of
hardwired values.  Use a switch instead of tricky bit tests.
(cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.

* dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
(cert_use_cert_p): Rename to check_cert_use_cert.
(cert_use_ocsp_p): Rename to check_cert_use_ocsp.
(cert_use_crl_p): Rename to check_cert_use_crl.

* dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
(VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.

--

A function with a "_p" suffix return 0 for a True just looks weird.
We now use names which better indicate that an error code is returned.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-17 16:41:02 +01:00
Werner Koch 7006352da7
dirmngr,w32: Load all system provided certificates.
* dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
(CERTENUMCERTIFICATESINSTORE) [W32]: New type.
(CERTCLOSESTORE) [W32]: New type.
(load_certs_from_file) [W32]: Do not build.
(load_certs_from_w32_store) [W32]: New.
(load_certs_from_system) [W32]: Call new function.
--

GnuTLS loads the system certificates from the "ROOT" and "CA" store;
thus we do the same.  On a Visa box you may for example see 21 from
"ROOT" and 6 from "CA".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 21:25:58 +01:00
Werner Koch 9a1a5ca0bc
dirmngr: Load all system provided certificates.
* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST.  Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--

Note that this code does not yet allow to load the system certificates
on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 18:58:27 +01:00
Werner Koch 5c4e67afd6
dirmngr: Prepare certcache for forthcoming changes.
* dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
'flags.config'.  Add 'flags.systrust'.
(total_loaded_certificates): Rename to total_config_certificates.
(put_cert): Rename args for clarity.  Set SYSTRUST flag.
(load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 11:51:57 +01:00
Werner Koch 1af733f37b
indent: Reformat and extend some comments in dirmngr.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 11:01:19 +01:00
Werner Koch aef60abe6a
dirmngr: Replace stpcpy chains by strconcat.
* dirmngr/certcache.c (find_cert_bysn): Use strconcat.
(find_cert_bysubject): Ditto.
* dirmngr/http.c (store_header): Ditto.
* dirmngr/ldap.c (make_url): Ditto.
* dirmngr/server.c (get_cert_local_ski): Ditto.
(do_get_cert_local): Use xstrconcat.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 10:33:26 +01:00
Werner Koch a3509e12b6
libdns: Workaround for bracketed numerical addresses.
* dirmngr/dns-stuff.c (resolve_name_libdns): Work around an
incompatibility between the glibc resolver and libdns.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-15 19:20:33 +01:00
Werner Koch a75325faf1
dirmngr: Do PTR lookups only for 'keyserver --hosttable'.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and
v5addr and add fields iporname and iporname_valid.
(create_new_hostinfo): Clear them.
(add_host): Remove the code to set the v4addr and v6addr fields.
(ks_hkp_print_hosttable): Remove printing of the fields.  Compute the
iporname field and display it.
(ks_hkp_reload): Force re-computing of the iporname field in
ks_hkp_print_hosttable.
--

GnuPG-bug-id: 2928
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-15 19:20:33 +01:00
Werner Koch da2ba20868
dirmngr: Avoid PTR lookup for hosts in a pool
* dirmngr/ks-engine-hkp.c (add_host): Don't to a PTR lookup for hosts
in a pool.
--

GnuPG-bug-id: 2928
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-15 19:20:33 +01:00
Werner Koch dee026d761
dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf.
* dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
missing nsswitch.conf.  Make sure that tehre is a DNS entry.
--

GnuPG-bug-id: 2948
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-13 20:13:05 +01:00
Werner Koch 7440119e72
dirmngr: New option --no-use-tor and internal changes.
* dirmngr/dns-stuff.c (disable_dns_tormode): New.
* dirmngr/dirmngr.c (oNoUseTor): New const.
(opts): New option --no-use-tor.
(tor_mode): New var.
(parse_rereadable_options): Change to use TOR_MODE.
(dirmngr_use_tor): New.
(set_tor_mode): Call disable_dns_tormode.  Implement oNoUseTor.
* dirmngr/dirmngr.h (opt): Remove field 'use_tor'.  Replace all
references by a call to dirmngr_use_tor().
* dirmngr/server.c (cmd_getinfo): Distinguish between default and
enforced TOR_MODE.
--

This patch replaces the global variable opt.use_tar by a function
testing a file local mode flag.  This patch prepares for a
use-tor-if-available mode.

GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-01 17:54:14 +01:00
Werner Koch f518196ca6
Fix explanation of commit e175152ef7.
--
2017-02-01 08:18:44 +01:00
Werner Koch b0e8376e19
dirmngr: Require --allow-version-check even if --use-tor is used.
* dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the
option is set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-31 13:24:24 +01:00
Werner Koch 770b75a746
gpg: Print a warning on Tor problems.
* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
(map_host): Call that to print a warning.
(handle_send_request_error): Ditto and avoid marking the host dead.
Also print a tor_config_problem warning.  Add arg CTRL; adjust callers
to pass that new arg.
* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 20:52:24 +01:00
Werner Koch 51e5a5e5a4
dirmngr: Simplify error returning inside http.c.
* dirmngr/http.c (connect_server): Change to return an gpg_error_t
and to store socket at the passed address.
(http_raw_connect, send_request): Adjust accordingly.
--

This change removes cruft from the code and allows to return the error
code from the name lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 20:52:24 +01:00
Werner Koch 72736af86a
dirmngr: New option --disable-ipv4.
* dirmngr/dirmngr.c (oDisableIPv4): New const.
(opts): New option --disable-ipv4.
(parse_rereadable_options): Set that option.
* dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
* dirmngr/dns-stuff.c (opt_disable_ipv4): bew var.
(set_dns_disable_ipv4): New.
(resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is
set.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
* dirmngr/crlfetch.c (crl_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 20:52:24 +01:00
Werner Koch af5979a42b
Fix format string errors and some missing error case initialization.
* common/logging.c (do_logv): Remove extra parentheses in comparison.

* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
dns_res_close is given a defined value in the error case.

* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
format string char.

* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.

* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
char.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
error case.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.

* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:33:01 +01:00
Werner Koch 3ca3da8fc4
dirmngr: On SIGHUP mark all keyservers alive.
* dirmngr/ks-engine-hkp.c (ks_hkp_reload): New.
* dirmngr/dirmngr.c (dirmngr_sighup_action): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 13:07:54 +01:00
Gaetan Bisson d4c0187dd9
libdns: Hack to skip negation term.
* dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in
nsswitch.conf parser.
--

This small patch was submitted along with this comment:

  We've been having issues over at Arch Linux with the new libdns
  code.  Our /etc/nsswitch.conf contains the following line:

    hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

  And it turns out dirmngr fails to parse the negation statement (the
  bang in !UNAVAIL). This results in gnupg not being able to resolve
  any name.

  Looking at dirmngr/dns.c it was unclear to me how to properly handle
  such negations. The dns_anyconf_scan calls used in
  dns_nssconf_loadfile do not allow to store a negation bit easily...

  In the meantime, I wrote the attached patch which ignores those
  statements altogether. It makes libdns work as expected for us.

Commit log written by wk
2017-01-23 12:46:35 +01:00
Werner Koch 9ae0b81e4f
dirmngr: Print debug message only with --debug.
* dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug
is set.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 11:39:20 +01:00
Phil Pennock 88ade475c5
dirmngr: Handle missing nsswitch.conf.
* dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.

--

Signed-off-by: Phil Pennock <phil@pennock-tech.com>

ChangeLog entry by wk.

This fixed the problem:

  Short version: macOS doesn't include /etc/nsswitch.conf and GnuPG's
  dirmngr is hard-erroring when that file is missing, such that no DNS
  operations succeed and --recv-key returns ENOENT type errors to the
  caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 11:02:41 +01:00
NIIBE Yutaka 367349b4dc dirmngr: Add setup of CA for NTBTLS.
* dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
ntbtls_set_ca_chain.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-19 15:39:55 +09:00
Werner Koch e6aebfe3d0
dirmngr: Implement hkps lookups using literal addresses.
* dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
reverse lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-16 19:12:03 +01:00
Werner Koch 9850124c7b
dirmngr: Allow reverse DNS lookups in Tor-mode.
* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
(resolve_addr_libdns): New.
(resolve_dns_addr): Divert to resolve_dns_addr.
--

In the old code reverse lookups where disabled in Tor mode.  By
implementing the reverse lookups via libdns it is now possible to do
them also in Tor mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-16 19:12:03 +01:00
Werner Koch daae97bc14
dirmngr: Avoid network queries for literal IP addresses.
* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
for literal IP addresses.
(resolve_name_standard): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-16 19:12:03 +01:00
Werner Koch 82646bbf1a
dirmngr: Fix URL creation for literal IPv6 addresses in HKP.
* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
the address family.
* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
R_HTTPHOST because that is its purpose.  Note that the former
behaviour of storing a NULL to indicate that it is not a pool has not
been used.
(make_host_part): Ditto.
(make_host_part): Make sure that literal v6 addresses are correclty
marked in the constructed URL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-16 19:12:03 +01:00
Werner Koch 97372b39cd
libdns: Silence -Wstrict-prototypes on some function ptrs.
* dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-12 09:22:14 +01:00
Werner Koch 0fadff9cdd
libdns: Provide replacement for EPROTO.
* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
--

This is the same replacement we use in Libassuan
(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
OpenBSD and may other BSD based OSes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-12 09:20:49 +01:00
Werner Koch 20dfcfe08c
dirmngr: After a connection failure log a hint if Tor is not running.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
Tor is running.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 17:09:16 +01:00
Werner Koch 76fb2febde
dirmngr: Mark hosts dead on ENETDOWN.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
ENETDOWN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:43:30 +01:00
Werner Koch 09aeac41c9
dirmngr: Fix Tor access for v6 addresses.
* dirmngr/http.c (use_socks): New.
(my_sock_new_for_addr): New.
(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
--

Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
https.c used to create a socket for the actual address family and thus
the connect call in Libassuan fails when it tries to connect to a v6
address using a v4 socket.

It would be cleaner to have the my_sock_new_for_addr function as a
public interface in Libassuan; for now we need to duplicate some code.
from Libassuan.

GnuPG-bug-id: 2902
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 16:41:15 +01:00
Werner Koch 915864e7f0
dirmngr: Remove warnings about unused global variables.
* dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
* dirmngr/ocsp.c (oidstr_certHash): Comment.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:48:20 +01:00
Werner Koch da894c48ec
dirmngr: Implement debug option "network" for http.
* dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:42:44 +01:00
Werner Koch 02ab4b0085
dirmngr: Add debug code to http.c.
* dirmngr/http.c (opt_verbose, opt_debug): New vars.
(http_set_verbose): New function.
(_my_socket_new): Add debug output.
(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
OPT_DEBUG has ben set to 2 in a debugger.
(http_session_new, http_session_ref): Ditto.
(send_request, http_start_data): Print debug output for the request.
(parse_response): Change to use log_debug_string for the response.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:42:44 +01:00
Werner Koch 0cc975d8a1
dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
(make_host_part): Rewrite.
--

This fixes a regression from 2.0 and 1.4 where these tags have been in
used since 2009.  For whatever reason this was not ported to 2.1 and
"hkp" was always used.

GnuPG-bug-id: 2451
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-09 10:42:30 +01:00
Werner Koch c2cbe2f87c
dirmngr: Do not use a SRV record for HKP if a port was specified.
* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
* dirmngr/http.c (do_parse_uri): That it.
* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
(make_host_part): Ditto.
(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
(ks_hkp_search): Ditto.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

This implements the behaviour of the keyserver helpers from 1.4 and
2.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-09 10:28:25 +01:00
Werner Koch 88dc3af3d4
dirmngr: Implement experimental SRV record lookup for WKD.
* dirmngr/server.c (cmd_wkd_get): Support SRV records.
--

This patch changes the way a WKD query is done.  Now we first look for
a SRV record for service "openpgpkey" and port "tcp" under the
to-be-queried domain.  If such a record was found and the target host
matches the to-be-queried domain or is a suffix to that domain, that
target host is used instead of the domain name.  The SRV record also
allows to change the port and obviously can be used for
load-balancing.

For example a query for the submission address of example.org with the
SRV record specification

_openpgpkey._tcp        IN     SRV   0 0  0    wkd.foo.org.
                        IN     SRV   0 0  0    wkd.example.net.
                        IN     SRV   0 0  4711 wkd.example.org.

(queried using the name "_openpgpkey._tcp.example.org") would fetch
from this URL:

 https://wkd.example.org:4711/.well-known/openpgpkey/submission-address

Note that the first two SRV records won't be used because foo.org and
example.net do not match example.org.  We require that the target host
is identical to the domain or be a subdomain of it.  This is so that
an attacker modifying the SRV records needs to setup a server in a
sub-domain of the actual domain and can't use an arbitrary domain.
Whether this is a sufficient requirement is not clear and needs
further discussion.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:42:50 +01:00
Werner Koch 714faea4fa
dirmngr: Improve debug output for TLS.
* dirmngr/misc.c (dump_cert): Also print SubjectAltNames.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:07:18 +01:00
Werner Koch 16078f3dee
dirmngr: Change internal SRV lookup API.
* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
* dirmngr/http.c (connect_server): Simplify SRV lookup.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
--

This new API is more convenient because it includes commonly used
code.  Note that right now http.c's SRV record code is not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:04:59 +01:00
Werner Koch 9fa94aa107
dirmngr: Strip root zone suffix from libdns SRV results.
* dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
target.
--

See-also: b200e636ab
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-08 18:00:38 +01:00
Werner Koch 9695124016
dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
* dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
(reload_dns_stuff): Reset tor port.
* dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
(main): Remove warning that Tor mode may not fully work.
* dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
initialization.
* dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
checking for enable_dns_tormode.
--

This patch also resets the port on SIGHUP so that after starting Tor
SIGHUP is sufficient to use Tor.  Without the SIGHUP and when not
using the Tor browser Dirmngr would keep on trying the Tor browser
port.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-03 12:43:33 +01:00
Werner Koch 0004d52ba2
dirmngr: New debug message on correctly initialized libdns.
* dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
success.
--

This output may help to avoid questions when evaluating an Assuan log.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-03 12:43:33 +01:00
Werner Koch b200e636ab
dirmngr: Strip root zone suffix from libdns cname results.
* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
(get_dns_cname_libdns): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 10:01:58 +01:00
NIIBE Yutaka d26c51825e dirmngr: Fix for --disable-libdns usage.
* dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
(reload_dns_stuff): Conditionalize with USE_LIBDNS.
(get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.

--

get_dns_srv assumes error code of GPG_ERR_NO_NAME when no SRV record
available.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
GnuPG-bug-id: 2889
2016-12-23 16:05:01 +09:00
Werner Koch 81c012787f
dirmngr: New option --resolver-timeout.
* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
(opt_timeout): New var.
(set_dns_timeout): New.
(libdns_res_open): Set the default timeout.
(libdns_res_wait): Use configurable timeout.
(resolve_name_libdns): Ditto.

* dirmngr/dirmngr.c (oResolverTimeout): New const.
(opts): New option --resolver-timeout.
(parse_rereadable_options): Set that option.
(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
and --nameserver.

* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
error diagnostic.
--

This timeout is a pretty crude thing because libdns has a few other
internal timeouts as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-20 09:53:58 +01:00
Werner Koch af8b68fae3
dirmngr: Fix problems with the getsrv function.
* dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
(set_dns_verbose): New func.
(libdns_switch_port_p): Add debug output.
(resolve_dns_name): Ditto.
(get_dns_cert): Ditto.
(get_dns_cname): Ditto.
(getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
(getsrv): Rename to ...
((get_dns_srv): this.  Add arg R_COUNT and return an error.  Add debug
output.
* dirmngr/http.c: Adjust for chnaged getsrv().
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Ditto.  Call set_dns_verbose.
* dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
--

Due to our switch to Libdns getsrv didn't worked correctly because it
returned -1 for an NXDOMAIN.  However, it is perfectly okay to have no
SRV record and thus we change the way this function is called to be
aligned with the other functions and also map NXDOMAIN to a zero SRV
record count.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 23:27:02 +01:00
Werner Koch d51499fdc5
dirmngr,w32: Hack around a select problem.
* dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
(dns_poll): Return an error instead of hitting an assertion failure.
--

For unknown reasons socket() return fd with values 244, 252, 268.  The
latter is above the FD_SETSIZE of 256.  It seems that select has been
build with a highler FD_SETSIZE limit.  Bump up to a reasonable large
value.

A better solution would be to grab some code from npth_eselect to
replace select.  We could also use npth_eselect direclty in
dns-stuff.c instead of using dns_res_poll.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 16:39:17 +01:00
Werner Koch e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Werner Koch e77b924fec
dirmngr: Fix setup of libdns for W32.
* configure.ac (DNSLIB) {W32]: Add -liphlpapi.
* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
WIN32_LEAN_AND_MEAN.
(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
* dirmngr/t-dns-stuff.c (init_sockets): New.
(main): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-17 21:57:10 +01:00
Werner Koch 024dbd7162
dirmngr: Auto-switch from Tor port to Torbrowser port.
* dirmngr/dns-stuff.c (libdns_tor_port): New var.
(set_dns_nameserver): Clear that var.
(libdns_init): Init var to the default port.
(libdns_switch_port_p): New func.
(resolve_dns_name): Use function to switch the port
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 21:56:23 +01:00
Werner Koch c4e8a3194d
dirmngr: Use one context for all libdns queries.
* dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
(enable_recursive_resolver): Set var.
(set_dns_nameserver): Ditto.
(libdns_init): Avoid double initialization.
(libdns_deinit): New.
(reload_dns_stuff): New.
(libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
* dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
memory.
* dirmngr/dirmngr.c (cleanup): Ditto.
(dirmngr_sighup_action): Call reload_dns_stuff to set
LIBDNS_REINIT_PENDING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 21:00:14 +01:00
Werner Koch ddb4808683
dirmngr: Pass Tor credentials to libdns.
* dirmngr/dns-stuff.c (tor_credentials): Replace by ...
(tor_socks_user, tor_socks_password): new vars.
(enable_dns_tormode): Set these new vars.
(libdns_res_open): Tell libdns the socks credentials.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 20:25:02 +01:00
Werner Koch 59d3c3e4ba
dirmngr: Factor common libdns code out.
* dirmngr/dns-stuff.c (libdns_res_open): New.  Replace all libdns_init
and dns-res_open by a call to this func.
(libdns_res_submit): New wrapper.  Replace all dns_res_sumbit calls.
(libdns_res_wait): New function.
(resolve_name_libdns): Replace loop by libdns_res_wait.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 20:09:27 +01:00
Werner Koch 2d1760ffe2
dirmngr: First patch to re-enable Tor support.
* dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
constants.
(libdns_init): Start adding tor support.
(resolve_name_libdns): Pass socks hosts to dns_res_open.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.
(get_dns_cname_libdns): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-15 11:01:25 +01:00
Werner Koch d34a2bb410
dirmngr: New configure option --disable-libdns.
* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--

In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.

--recursive-resolver was easy enough to implement and may be useful in
some situation.  It does not fully work, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:17 +01:00
Werner Koch 3c2a7918ea
dirmngr: Implement CERT record lookup via libdns.
* dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
(get_dns_cert_standard): Fix URL malloc checking.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:17 +01:00
Werner Koch 4c13e4e3de
dirmngr: Implement CNAME and SRV record lookup via libdns.
* dirmngr/dns-stuff.c (dns_free): New macro.
(libdns): Move var to the top.
(libdns_error_to_gpg_error): Map error codes to the new gpg-error
codes.
(resolve_name_libdns): Restructure code.
(getsrv_libdns): New.
(get_dns_cname_libdns): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:17 +01:00
Werner Koch 4a030f682e
dirmngr: Fix bugs in the standard resolver code.
* dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
source.
(get_h_errno_as_gpg_error): New.
(get_dns_cert_libdns): Fix error code.
(getsrv_libdns): Add arg R_COUNT and return an error code.
(getsrv_standard): Ditto.  Fix handling of res_query errors and
provide the correct size for the return buffer.
(getsrv): Adjust for changed worker functions.
(get_dns_cname_standard): Fix handling of res_query errors and provide
the correct size for the return buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:16 +01:00
Werner Koch 392966aed9
dirmngr: Require a c99 compiler
* configure.ac (USE_C99_CFLAGS): New ac_subst.  Set to -std=gnu99 for
gcc.
* dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
(t_http_CFLAGS): Ditto.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--

C99 and the GCC option is required for use with dns.c which makes
heavy use of C99 features.  We should consider to switch GnuPG
entirely to C99 but enable gcc warnings to detect features which are
not supported by not-real-c99 compilers and which makes audits
harder (VLA etc.).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:16 +01:00
Justus Winter f8ab2c4c70
dirmngr: New libdns snapshot 2016-12-14 15:56:58 +01:00
Justus Winter f6acd04264
dirmngr: Add basic libdns support
* dirmngr/dns.c: New file.
* dirmngr/dns.h: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
* dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
(libdns): New global var for the libdns state.
(libdns_error_to_gpg_error): New.
(libdns_init): New.
(resolve_name_libdns): New.
(get_dns_cert_libdns): New stub.
(getsrv_libdns): New stub.
(get_dns_cname_libdns): New stub.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-14 15:56:31 +01:00
Justus Winter 2e734a3ce1
dirmngr,build: Remove support for ADNS.
* autogen.rc: Remove '--with-adns' argument.
* configure.ac: Remove check for ADNS.
* dirmngr/dns-stuff.c: Remove all code that uses ADNS.
* dirmngr/server.c (cmd_getinfo): Update status line.
* doc/dirmngr.texi: Do not mention ADNS.
--

We used ADNS to support queries over Tor.  However, our patch to ADNS
that adds Tor support was never accepted upstream.  Furthermore, there
are other shortcomings that let us to consider alternatives.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-14 15:52:01 +01:00
NIIBE Yutaka 57aa42ce9b dirmngr: Improve ntbtls support.
* dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
(send_request): Call ntbtls_set_transport.
(cookie_read, cookie_write): Implement.
(cookie_close): Add initial implementation for ntbtls.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-12-14 16:17:03 +09:00
Werner Koch cb4c7abb77
Fix 2 compiler warnings.
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 19:02:56 +01:00
Werner Koch 304566d332
dirmngr: Add option --standard-resolver.
* dirmngr/dirmngr.c (oStandardResolver): New constant.
(opts): New option --standard-resolver.
(parse_rereadable_options): Set option.
* dirmngr/dns-stuff.c: Refactor all code to support the new option.
(standard_resolver): New var.
(enable_standard_resolver, standard_resolver_p): New func.
* dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
conditional.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
* configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB.  ac_define
USE_ADNS in the adns checking code.  Remove options --disable-dns-srv
and --disable-dns-cert.  Always look for the system resolver.  Print
warning if no system resolver was found.
(USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
(HAVE_SYSTEM_RESOLVER): New ac_define.
(USE_DNS_SRV): Remove am_conditional; not used anyway.
--

This option allows for runtime switching to the system's standard
resolver.  This is mainly useful to work around possible bugs in the
optional resolver libraries (as of now ADNS).  Note that on Windows
there is no code to use systems's resolver and thus for full
functionality dirmngr must be build with a separate resolver.

This patch also does way with configure options to disable the use of
CERT and SRV records.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-01 16:40:32 +01:00
Werner Koch aa6ab9e0bc
agent,dirmngr: Tiny restructuring.
* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here.  Add a comment why we keep the
listening socket open during a shutdown.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:35:23 +01:00
Werner Koch 854adc8ae1
agent,dirmngr: Handle corner case in shutdown mode.
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto.  Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--

Without that patch we won't notice a removed socket when a shutdown is
pending.  This is somewhat related to bug report 2849.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:17:03 +01:00
Daniel Kahn Gillmor f6728d13e8
dirmngr: Lazily launch ldap reaper thread.
* dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
Before we need it.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Call
ldap_wrapper_launch_thread() just in time (before any attempt to use
an ldap subprocess).

--

A dirmngr process that never looks anything up in LDAP has no need for
a reaper thread, but one was started automatically.  This thread wakes
up every two seconds to look for ldap processes that might never have
been running.  We won't start more than one reaper thread for any
given dirmngr due to the static int "done" in
ldap_wrapper_launch_thread(), so it's safe to call this every time
there is a use of ldap_wrapper.

If someone wants to do further dirmngr optimizations for ldap users,
the reaper thread itself could use dynamically-calculated timeouts
(and probably needs to be alerted dynamically when a new ldap
subprocess is available so it can re-calculate those timeouts).

Note: It's not clear to me how to test ldap access effectively; i know
of no public ldap services that i can verify against, and i do not run
my own ldap servers.  If someone has a publicly-available ldap server
that developers can run tests against, i would be happy to hear about
it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-29 14:32:31 +01:00
Werner Koch 833eef974a
dirmngr: Use a longer timer tick interval.
* dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
we did for WindowsCE.
--

Given that the timer tick is only used for housekeeping tasks and
these are done every 10 minutes, it makes no sense to use 2 seconds.
The minor drawback is tha the housekeeping may be delayed by one
minute.

NB: For the purpose of power saving, we already make sure that the
process wakes up at the full second so that it is synchronized to the
wakeup time of other processes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-18 08:30:33 +01:00
Daniel Kahn Gillmor b3a9172012
dirmngr: More w32 system daemon cleanup
* dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
shutdown_pending; no longer needed.

--

In d83ba4897b, we removed the
Windows-specific system daemon features, where shutdown_pending was
set from w32_service_control().  shutdown_pending is now never
assigned outside of handle_signal() or within an inotify test, neither
of which are available on w32.

As a result, this stanza in handle_tick() should be dead code, and can
be removed to keep things simple.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

s/win32/w32/ to please RMS ;-)  -wk
2016-11-18 08:30:33 +01:00
Daniel Kahn Gillmor 8fb4822524
dirmngr: Use a default keyserver if none is explicitly set
* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.

--

A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error messages "No keyserver available".

If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose.  This patch makes the
default hkps://hkps.pool.sks-keyservers.net.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-17 15:29:35 +01:00
Daniel Kahn Gillmor 7c1613d415
dirmngr: Add system CAs if no hkp-cacert is given
* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.

--

Consider three possible classes of dirmngr configuration:

 a) no hkps:// keyserver URLs at all (communication with keyservers is
    entirely in the clear)

 b) hkps:// keyserver URLs, but no hkp-cacert directives

 c) hkps:// keyserver URLs, and at least one hkp-cacert directive

class (a) provides no confidentiality of requests.

class (b) currently will never work because the server certificate
cannot be validated.

class (c) is currently supported as intended.

This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

o minor indentation fix
  - wk
2016-11-17 15:29:35 +01:00
Daniel Kahn Gillmor c4e02a3b7a
dirmngr: Register hkp-cacert even if the file doesn't exist yet
* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
an argument for hkp-cacert into an absolute filename, terminate
completely.
* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
immediately accessible, but register it anyway.

--

Without this changeset, the condition of the filesystem when dirmngr
is initialized will have an effect on later activities of dirmngr.

For example, if a file identified by a hkp-cacert directive doesn't
exist when dirmngr starts, dirmngr will behave as though it simply
didn't have the hkp-cacert directive set at all, even if the file
should appear later.

dirmngr currently behaves differently if no hkp-cacert directives have
been set then it does when at least one hkp-cacert directive has been
set.  For example, its choice of CA cert for
hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
has been registered.  That behavior shouldn't additionally depend on
the state of the filesystem at the time of dirmngr launch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-17 15:29:35 +01:00
Werner Koch bd91f92ace
dirmngr: Auto-sownload the swdb.lst
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows.  Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-17 10:14:14 +01:00
Werner Koch c45ca316a5
dirmngr: Improve downloading of swdb.lst.
* dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
timestamp.
(dirmngr_load_swdb): Avoid unnecessary disk or network access witout
FORCE.  Do not update swdb.lst if it did not change.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-17 10:08:20 +01:00
Werner Koch 52c10a280a
dirmngr: Add command to only load the swdb.
* dirmngr/loadswdb.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
* dirmngr/server.c: Remove includes cpparray.h and exectool.h.
(cmd_loadswdb): New.
(parse_version_number,parse_version_string): Remove.
(my_mktmpdir, cmp_version): Remove.
(fetch_into_tmpdir): Remove.
(struct verify_swdb_parm_s): Remove.
(verify_swdb_status_cb): Remove.
(cmd_versioncheck): Remove.
(register_commands): Register LOADSWDB.  Remove VERSIONCHECK.
--

This change is required to to the new design where gpgconf does the
version check w/o network access and only dirmngr is responsible for
getting the swdb.

In the next installment the loading will be triggered as needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 21:22:39 +01:00
Werner Koch 4839e6d002
scd,dirmngr: Keep the standard fds when daemonizing.
* dirmngr/dirmngr.c (main): Before calling setsid do not close the
standard fds but connect them to /dev/null.
* scd/scdaemon.c (main): Ditto.  Noet that the old test for a log
stream was even reverted.

--

Note that this was fixed for gpg-agent 10 years ago on 2006-11-09.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 21:17:47 +01:00
Werner Koch 7b04a43c05
dirmngr: Prepare to trigger jobs by network activity.
* dirmngr/http.c (netactivity_cb): New.
(http_register_netactivity_cb): New.
(notify_netactivity): New.
(connect_server): Call that function.
* dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
(netactivity_action): New stub handler.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 17:30:23 +01:00
Werner Koch c7ea98cd3d
dirmngr: Improve concurrency in the non-adns case.
* dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
(resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
(getsrv) [!USE_ADNS]: Call res_query outside of nPth.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 11:41:53 +01:00
Werner Koch 4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch 5a1f6a0062
dirmngr: Fix signature checking.
* dirmngr/server.c: Include cpparray.h.
(verify_swdb_parm_s): New.
(verify_swdb_status_cb): New.
(cmd_versioncheck): Use gpgv to correclty verify the signature.
Rename some variable to comply with GNU standards.
--

Relying on the return code of gpg is not a robust way to check
signatures.  We better use our dedicated tool.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 20:35:28 +02:00
Justus Winter 445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Werner Koch cf20b23c14
dirmngr: Do not implement --supervised in Windows.
* dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
(main) [W32]: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 09:27:37 +02:00